Note When naming ACE objects (such as a real server, virtual server, parameter map, class map, health probe, and so on), enter an alphanumeric string of 1 to 64 characters, which can include the following special characters: underscore (_), hyphen (-), and dot (.). Spaces are not allowed.

If you are using ANM with an ACE module or ACE appliance and you configure a named object at the ACE CLI, keep in mind that ANM does not support all of the special characters that the ACE CLI allows you to use when configuring a named object. If you use special characters that ANM does not support, you may not be able to import or manage the ACE using ANM.

Information About Application Template Definitions and Instances

The ANM application template definitions allow you to quickly configure one or more ACE virtual contexts (or devices) with a complex configuration for well-known or custom in-house applications. A template is defined by an XML template definition file, which contains the configuration that is deployed to a device with place holders for variable replacement. The template variables are presented to the user in the ANM GUI.

The two types of application template definitions are as follows:

•System templates—Defined by Cisco and included in ANM for major applications. You can edit a system file to customize it if needed.

Examples of system templates are as follows:

–Basic HTTP

–DNS

–DWS with Cisco Nexus 7000 OTV

–FTP

–Java Application Server

–Layer 3 LB

–Layer 4 LB

–Microsoft Exchange 2010

–Microsoft SharePoint 2010

–RDP

–Secure Webserver

•User-defined templates—User defined for custom applications. You can create a user-defined template that is based on an existing template or you can create a template using the base code provided in this chapter.

The template file follows a specific schema that is defined by ANM. All user-defined templates must follow this schema before ANM can deploy it to an ACE. You can create or edit a template using the internal ANM template editor or you can use the template export and import feature that allows you to use an external XML editor.

Using application template definitions, you create application template instances, which are based on the template that you choose. You can display and manage application template instances on a global or device-specific level.

Guidelines and Restrictions

The variable fields of an application template definition are role-based access controlled (RBAC), which means that when you use a template to create an application template instance, your user account must be configured with the required roles that will allow you to enter the variable information. ANM does not allow you to enter variable information for those fields that you are not permitted to fill in. If you are not permitted to enter all the variable information, you can save the incomplete template instance with the information that you are allowed to input, and then have a user with the required roles complete the template instance so that it can be deployed.

Managing Application Template Instances

Application template instances are ACE configurations that you create based on a specific application template definition. ANM maintains a table of the template instances that you create using ANM, which you can view by doing one of the following:

•To display the template instances of all devices, display the global view by doing one of the following:

–Choose Home and from the Configuration category, choose Application Template Instances.

•Incomplete—Template instance attributes have not all been defined so it cannot be deployed. This status is possible only when the Type field displays Staged.

Last Updated Time

Last time that ANM retrieved the status information.

From the Application Template Instances window, you can perform such tasks as creating, editing, deploying, or deleting a template instance.

Note ANM tracks only application template instances that you create and deploy using ANM. It does not discover template instances that may reside on an ACE. For example, if you use the CLI to configure an ACE with a configuration that matches an installed application template configuration, you will not see this configuration listed as a template instance in the ANM GUI (Config > Global > Application Template Instances).

Table 4-2 describes some variable attributes that are associated with the system templates included with ANM. Use the information provided here to define the variables.

Table 4-2 System Template Attributes

Field

Description

Application Configuration

Visual grouping of application-specific options.

Application Config Name

Name of the application that is used as a base name for many ACE objects, such as class maps, policy maps, stickies, or server farms.

VIP Address/Exchange VIP Address

Application server VIP address, which is generally the IP address that appears in DNS for the application. You can enter an IPv4 or IPv6 formatted address here; however, IPv6 requires ACE software Version A5(1.0) or later. Optionally, an IPv4 can include a prefix of /32 or less, and an IPv6 address can include a prefix of /128 or less.

IP addresses of the servers that are being load balanced. You can enter an IPv4 or IPv6 formatted address here; however, IPv6 requires ACE software Version A5(1.0) or later.

Relative Probe URL

File location that the ACE health check probes.

FQDN

Fully qualified domain name that is used for web host redirection. The %H string redirects based on the hostname in the header of the client HTTP requests.

Web Front End Port

Real server port on which the service is running.

Secure communications between Load Balancers and Servers

Check box option that when checked, instructs the ACE to use SSL to encrypt the traffic between it and the real servers.

Key Type

SSL key type. Choose one of the following from the drop-down list:

•PKCS12

•DER

•PEM

SSL Key URL

Field that appears only when the Key Type field is set to PKCS12 or DER. The TFTP, FTP, or SFTP URL including a key server IP address. You must use two forward slashes (//) to do absolute references; otherwise, the user home directory is used as the base path.

Key Server Username

Field that appears only when the Key Type field is set to PKCS12 or DER. The username to use for SFTP or FTP with the SSL key URL.

Key Server Password

Field that appears only when the Key Type field is set to PKCS12 or DER. The password to use for SFTP or FTP with the SSL key URL.

SSL Key

Field that appears only when the Key Type field is set to PEM. The SSL key that the ACE uses to decrypt and encrypt traffic from the client.

SSL Certificate

Field that appears only when the Key Type field is set to PEM. The SSL certificate that the ACE presents to the client.

Cert/Key Passphrase

Optional passphrase that the key and certificate are encrypted.

Session Persistence

Check box option that when checked, enables session persistence. Depending on the type of template, the persistence type is generally either IP Netmask or HTTP Cookie.

Virtual context to which the template is deployed. When you access the Application Template Instances window through device configurations (Config > Devices > context > Load Balancing > Application Template Instances), this field is already populated with the specified virtual context. When you access the Application Template Instances window through the Home page or global configuration, choose the virtual context from the drop-down device tree.

Client VLANs

VLANs on which client traffic originates.

Enable Source NAT

Check box option that when checked, specifies that traffic from the servers must have source NAT applied in order to return to the ACE. In general, you do not want to enable this feature if your ACE is installed in a one-armed network topology (see the "ACE Network Topology Overview" section).

Note You must define NAT pools on the server interfaces before you select this option.

Step 6 Do one of the following:

•Click Deploy to deploy the template instance to the device. The deployment verification popup window appears. Go to Step 7.

Note The Deploy option requires a user account with the following RBAC task assigned to it: ace_virtualcontext=create.

•Click Stage to save the template instance without deploying it to the specified virtual context.

•Click OK to deploy the template instance. The Deploy dialog box appears, which displays the list of configuration attributes to be deployed. Go to Step 8.

•Click Cancel to exit this procedure without deploying the template instance.

Step 8 In the dialog box, do the following:

a. (Optional) Check the Create Named Checkpoint check box to create a checkpoint that ANM does not delete after a successful deployment.

This check box works as follows:

–Unchecked—ANM creates a checkpoint that you can revert back to if the deployment of the staged application template is unsuccessful. ANM assigns a random name to the checkpoint and deletes the checkpoint after a successful deployment.

–Checked—ANM creates a checkpoint that you name and can revert back to at any time because ANM does not delete it even after a successful deployment.

Note ACE virtual contexts have a limit of 10 checkpoints. If you attempt to exceed this limit, ANM does not deploy the template instance.

b. Do one of the following:

–Click Deploy Now. The template instance is applied to the device running-configuration and startup-configuration files. The Results window appears with the deployment status as follows:

•Click Cancel to exit this procedure without deploying the template instance.

Step 4 In the dialog box, do the following:

a. (Optional) Check the Create Named Checkpoint check box to create a checkpoint that ANM does not delete after a successful deployment.

This check box works as follows:

–Unchecked—ANM creates a checkpoint that you can revert back to if the deployment of the staged application template is unsuccessful. ANM assigns a random name to the checkpoint and deletes the checkpoint after a successful deployment.

–Checked—ANM creates a checkpoint that you name and can revert back to at any time because ANM does not delete it even after a successful deployment.

Note ACE virtual contexts have a limit of 10 checkpoints. If you attempt to exceed this limit, ANM does not deploy the template instance.

b. Do one of the following:

–Click Deploy Now. The template instance is applied to the device running-configuration and startup-configuration files. The Results window appears with the deployment status as follows:

•Click OK to deploy the template instance. The Deploy dialog box appears, which displays the list of configuration attributes to be deployed. Go to Step 6.

•Click Cancel to exit this procedure without deploying the template instance.

Step 6 From the Deploy dialog box, do the following:

a. (Optional) Check the Create Named Checkpoint check box to create a checkpoint that ANM does not delete after a successful deployment.

This check box works as follows:

–Unchecked—ANM creates a checkpoint that you can revert back to if the deployment of the staged application template is unsuccessful. ANM assigns a random name to the checkpoint and deletes the checkpoint after a successful deployment.

–Checked—ANM creates a checkpoint that you name and can revert back to at any time because ANM does not delete it even after a successful deployment.

Note ACE virtual contexts have a limit of 10 checkpoints. If you attempt to exceed this limit, ANM does not deploy the template instance.

b. Do one of the following:

–Click Deploy Now. The template instance is applied to the device running-configuration and startup-configuration files. The Results window appears with the deployment status as follows:

•Click OK to deploy the template instance. The Deploy dialog box appears, which displays the list of configuration attributes to be deployed. Go to Step 6.

•Click Cancel to exit this procedure without deploying the template instance.

Step 7 In the dialog box, do the following:

a. (Optional) Check the Create Named Checkpoint check box to create a checkpoint that ANM does not delete after a successful deployment.

This check box works as follows:

–Unchecked—ANM creates a checkpoint that you can revert back to if the deployment of the staged application template is unsuccessful. ANM assigns a random name to the checkpoint and deletes the checkpoint after a successful deployment.

–Checked—ANM creates a checkpoint that you name and can revert back to at any time because ANM does not delete it even after a successful deployment.

Note ACE virtual contexts have a limit of 10 checkpoints. If you attempt to exceed this limit, ANM does not deploy the template instance.

b. Do one of the following:

–Click Deploy Now. The template instance is applied to the device running-configuration and startup-configuration files. The Results window appears with the deployment status as follows:

Viewing and Editing Application Template Instance Details

You can view the configuration details of an application template instance, such as the real servers and server farms associated with the template instance. The view details feature also allows you to open the configuration window of a specific attribute to make changes if needed.

Guidelines and Restrictions

This topic includes the following guidelines and restrictions:

•You can view the details of deployed template instance but you cannot view the details of a staged template instance.

•ANM tracks only application template instances that you create and deploy using ANM. It does not discover template instances that may reside on an ACE. For example, if you use the CLI to configure an ACE with a configuration that matches an installed application template configuration, you will not see this configuration listed as a template instance in the ANM GUI (Config > Global > Application Template Instances).

Procedure

Step 1 View the list of application template instances by doing one of the following:

•To display the template instances of all devices, display the global view by doing one of the following:

–Choose Home and from the Configuration category, choose Application Template Instances.

The Application Template Instances window appears, displaying the information described in Table 4-1.

Step 2 From the Application Template Instances window, view the details of a configuration by choosing a template instance name and clicking Details.

The Application Template Instance - Detail window appears, displaying details about the configuration objects. The information that displays varies depending on the template instance and user input. Configuration objects that can appear include the following:

•Virtual Servers

•Probe

•SSL Chain Group Parameters

•Server Farms

•SSL Proxy Service

•SSL Parameter Maps

•Real Servers

•SSL Keys

•HTTP Parameter Maps

•Redirect Real Servers

•SSL Certificates

•TCP Parameter Maps

•Sticky

•SSL Auth Group Parameters

•HTTP Header Modify Action Lists

Step 3 To view and edit one of the objects, click the Go To Config Page link.

The associated attribute window opens, such as the Virtual Server, Real Server, or Server Farm window, where all the objects associated with the attribute display. For example, if you click the Go To Config Page link associated with a real server, the Real Servers window appears, displaying the complete table of real servers. You must locate the real server in the table to view its details and make changes to it if needed.

Deleting an Application Template Instance

You can delete an application template instance.

Guidelines and Restrictions

When you delete a deployed template instance, the virtual context configuration attributes that were added or modified as a result of deploying the application configuration are changed back to what they were prior to deploying the template instance, which means that if the virtual context was configured and operating prior to deploying the template instance, it reverts to operating with the previous configuration after you delete the template instance.

Prerequisites

You must have a user account with the following RBAC task assigned to it: ace_virtualcontext=create.

Procedure

Step 1 View the list of application configurations by doing one of the following:

•To display the template instances of all devices, display the global view by doing one of the following:

–Choose Home and from the Configuration category, choose Application Template Instances.

The Application Template Instances window appears, displaying the information described in Table 4-1.

Step 2 From the Application Template Instances window, choose the template instance to delete and click the Delete icon ().

ANM removes the template instance from the table. If the template instance was of the type Saved, no virtual context operations are affected. If the template instance was of the type Deployed, the associated virtual context operations are affected as described in the "Guidelines and Restrictions" section.

Editing an Application Template Definition

You can edit the XML code of an application template definition file from within ANM using the template editor that comes with ANM, or you can export the template definition file and edit it outside of ANM using an XML editor or text editor such as WordPad.

To help you understand how a template can be edited to suit your particular requirements, this section includes an example that involves editing the probe information in the Basic HTTP system template. In the code editing example, the probe interval value is changed from a set value of 60 seconds to a variable with a default of 60 seconds. This change allows you to configure the interval value when you use the template to create an application template instance (see the "Creating an Application Template Instance" section).

Figure 4-1 highlights the XML code for the probe URI variable and its set interval value. The figure also shows the GUI window that the code produces, including the variable field for inputting the relative probe URI.

Figure 4-1 Basic HTTP Template: Probe with Set Interval Value

You can modify a template to fit your particular requirements. Figure 4-2 highlights the probe code that was added or modified to produce a variable field in the GUI that allows you to set the probe interval if you do not want to use the default value of 60 seconds.

New code that defines a probe interval variable (probe_interval) that has a default value of 60.

3

Modified code that changes the set probe interval value (60) to a variable ($probe_interval).

GUI Changes

4

Modified template identification bar that includes the new version number (1.1).

5

New user field that allows the user to specify a probe interval other than the default of 60.

Guidelines and Restrictions

This topic includes the following guidelines and restrictions:

•You can edit the template definition within ANM using the ANM template editor or you can export the template file, edit the code using a text editor such as WordPad, and then import the modified template file.

•When editing a system template file, in the XML code you must change the template type or version number (or both).

•By default, templates that you created using the ANM template editor display as options when using Application Setup in Guided Setup (see the "Using Application Setup" section). To configure a template not to display in Application Setup, either change the following code in the template root element from true to false or remove this piece of code from the root element:

•Click Validate to have ANM validate the application template definition file, which means that ANM checks to see that it is a well-formed XML document that follows the rules defined by the ANM Template XML schema. ANM highlights any errors in the code.

•Click Save to save your changes using the same filename. This button is not available when you edit a system template (you must use the Save As option).

•Click Save As to open the Save As New Template Definition popup window and save your changes under a new application type or version. The popup window text fields are populated with the attributes of the original file opened with the exception of the Version field, which ANM increments by one. If the version is not a number, the "-next" suffix is added to the version. From the popup window, modify the file attributes if needed and click Save.

Note When using the Save As feature, ANM does not allow you to save a template using the same application type and version number as the original template file. You must change either the application type or the version number.

•Click Exit to exit the template editor and return to the Application Template Definitions window.

Step 2 Using a text editor such as WordPad, open the template XML file that you exported in Step 1.

Step 3 Modify the template identification by doing one or both of the following in the header code:

•Assign a new value to the applicationType attribute.

•Change the version number attribute.

In the example (see Figure 4-2), the template version number is changed from 1 to 1.1.

version="1.1"

Note When you change the template name or version number and import the template, ANM displays the template as a new line item in the Application Template Definitions window even if you save the file under the same name (see Step 5).

Creating an Application Template Definition

You can create an ACE application template definition using the template editor that comes with ANM or you can use an external XML editor and import the template file. The ANM template editor provides you with several base application types that provide you with the basic XML code to get you started.

Guidelines and Restrictions

The ability to create a complex template requires a thorough knowledge of XML programming and the ACE CLI and is beyond the scope of this guide. For information about creating complex templates for configuring your ACEs, go to the Cisco Developer Network (CDN) site at the following URL:

Creating an Application Template Definition Using the ANM Template Editor

You can use the ANM Template editor to create a new Application Template Definition.

Guidelines and Restrictions

This topic includes the following guidelines and restrictions:

•The configuration options provided during the template creation process are provided as a starting point for defining the ACE configuration and are not intended to produce a fully written and functional configuration. You must complete the configuration with the specifics of your ACE application using the template editor. If your template is to be based on an existing ACE configuration, you can use the show running config command output as a model and a source for the needed configuration specifics (see the "Creating an Application Template Definition Using an External XML Editor" section).

•By default, templates that you create using the template editor display as options when using Application Setup in Guided Setup (see the "Using Application Setup" section). To configure a template not to display in Application Setup, change the following code in the template root element from true to false:

showsInGuidedSetup="false"

•When defining the variable fields in the XML code, you can enable the Basic/Advanced display feature that allows a user to hide certain variable fields when creating a template instance using the application template definition. Use this feature when you want to give the user creating a template instance the ability to hide optional variable fields or mandatory variable fields that have default values. The Basic view hides these fields while the Advanced view displays all available fields.

You can hide a specific variable field or variable array using the advanced attribute as follows:

–To hide a specific variable field in Basic view, add the advanced attribute to the variable element as follows:

When creating an application template instance, the Basic/Advanced display feature allows the user to set the view to Basic, which displays only the variable fields that require their input. For more information about configuring this feature, see the "Guidelines and Restrictions" section.

Step 6 When your edits are complete, do one of the following:

•Click Validate to have ANM validate the application template definition file, which means that ANM checks to see that it is a well-formed XML document that follows the rules defined by the ANM Template XML schema. ANM highlights any errors in the code.

Creating an Application Template Definition Using an External XML Editor

You can create a basic ACE application template definition using an external XML editor rather than the template editor that comes with ANM. The procedure shows how to create a base XML file with which to base your template on and then use the free form XML tag to encapsulate ACE CLI commands that you copy from a known working configuration and paste into the template. The example template that you create during the procedure will initialize a virtual context by doing the following:

•Specify a variable message of the day (MOTD) field.

•Enable logging.

•Specify a number of SNMP attributes, some of which are variables.

Guidelines and Restrictions

The ability to create a complex template requires a knowledge of XML programming and the ACE CLI and is beyond the scope of this guide. For information about creating complex templates for configuring your ACEs, go to the Cisco Developer Network (CDN) site at the following URL:

d. (Optional) Tag specific variable fields or variable arrays with the advanced attribute, which enables the Basic/Advanced display feature when creating a template instance that uses this application template definition.

When creating an application template instance, the Basic/Advanced display feature allows the user to set the view to Basic, which displays only the variable fields that require their input. For more information about configuring this feature, see the "Guidelines and Restrictions" section.

e. To configure a template not to display in Application Setup, change the following code in the template root element from true to false:

•You can import application template definitions that you created for use with ANM 5.1, which used an earlier version of the XML schema. When you import the template, ANM modifies the template root element as required by the current version of the XML schema. This modification does not affect the ACE configuration.

Procedure

Step 1 Choose Config > Global > Application Template Definitions.

The Application Template Definitions window appears, displaying the information described in Table 4-3.

Step 3 In the dialog box, click Browse to navigate to and choose the template file to upload.

Step 4 Click Upload.

The upload status box appears and displays one of the following messages:

•"Template is imported"—The template definition conforms to the XML schema. Click OK to close the popup window and complete the upload process.

•"Template is not imported because its XML structure is not valid"—ANM detected that the file does not contain properly structured XML code and cannot import the file.

•"Template is not imported because upload error was found"—A system or network error has occurred that prevented the upload. This message is not an indication that a problem exists with the template.

•"Template is imported, but the following errors were found"—The template contains properly structure XML code; however, the code does not conform to the XML schema. The message includes the errors found in the code.

ANM displays the template in the Application Template Definitions window.

Testing an Application Template Definition

You can test an application template definition. The test performs the following tasks:

•Displays the application configuration window to verify that the variable information the user is expected to fill in displays correctly.

•Performs a test deployment and displays the configuration attributes that will be deployed for a live application configuration deployment. If there is a problem with the template definition, an error message displays that indicates what the problem is with the source code.

Note The test deployment is done locally on ANM only. No commands are sent to an ACE.

Procedure

Step 1 Choose Config > Global > Application Template Definitions.

The Application Template Definitions window appears, displaying the information described in Table 4-3.

Step 2 From the Application Template Definitions window, choose a template to test and click Test.

Note If the template contains a boolean statement that allows you to choose one of two values, be sure to test both values. For example, if the template includes the Secure Backend Servers checkbox option, test the template with the check box checked (enabled) and unchecked (disabled).

Step 4 Click Cancel to close the Test popup window and return to the Application Template Definitions window.

Template type and version number. ANM displays an asterisk (*) next to the template type to indicate that a change to the template has been made but not saved.

2

Tool Bar

Editing tools that work as follows:

•Undo button—With each click, undoes the changes that you made but did not save, beginning with the most recent change made.

•Redo button—With each click, redoes the changes reversed by the Undo button, beginning with the most recent undo operation.

•Fix Indentation button—Corrects any indentation errors in the code.

•Wrap with:

–If button—Wraps the code that you highlight with the "if" opening and closing tags to create an if block.

–For button—Wraps the code that you highlight with the "foreach" opening and closing tags to create a foreach block.

If you do not highlight the code to wrap, ANM places the If or For block at the location of the cursor.

•Toggle Comments button—Makes the code that you highlighted a comment. You can use this feature to add description comments to sections of the code. You can also tag incomplete code as a comment until you are ready to complete it. At that time, you would highlight the commented code and click Toggle Comments again.

•Search text box—String to locate in the code. The template editor highlights all instances of the string. Use the following associated tools:

–Up button—Moves to the next instance of the search string above the currently highlighted instance.

–Down button—Moves to the next instance of the search string below the currently highlighted instance.

•Replace text box—String that is to replace the search string as follows:

–Replace button—Replaces only the currently highlighted occurrence of the search string.

–Replace All button—Replaces all occurrences of the search string.

3

Work Area

Area where the code is displayed and modified. The work area includes the following editing tools:

•Code folding—Allows you to expand or collapse sections of code as follows:

–—Collapses code group.

–—Expands code group.

ANM hides these icons and expands the code when an error exists.

•Code auto complete—ANM completes the code tag being entered or displays a list of possible options that match what has been entered so far. This feature works for a predefined set of elements only and is not available with every element type.

To use this feature, begin entering the start-tag and then press Ctrl + Space. Enter at least one character after the open character (<) before pressing Ctrl + Space. For example:

<var -->Press Ctrl + Space

<variable displayString="" name="" type="">

4

Error and Warning Indicators

Icons that appear when the code that does not conform to the XML schema as follows:

•—Warning indicator: Error exists; however, the error will not prevent deployment of the template.

•—Error indicator: Error exists that will prevent deployment of the template.

For details about the indicated error, see the Error Description Pane located at the bottom of the window or hover over the icon to open the popup error message display.

5

Error Description Pane

Descriptions of the detected errors in the code, which are also highlighted with Error and Warning Indicators. Because the error description text does not wrap, it can extend beyond the display. To view the entire description, hover over the message to open the popup error message display.

Displayed errors remain in this pane until you fix the issue and validate the fix by clicking Validate.

6

Function Buttons

Buttons that work as follows:

•Validate—ANM validates the application template definition file, which means that ANM checks to see that it is a well-formed XML document that follows the rules defined by the ANM Template XML schema. When ANM detects errors in the code, it highlights the errors with Error and Warning Indicators and displays the Error Description Pane. If you correct the code and click Validate again, ANM removes the error indicators and closes the error description pane if no other errors exist.

•Save—Saves your changes using the same filename.

Note the following when using this button:

–If any errors exist in the code, ANM displays a verification popup window, asking you to verify that you want to save the information regardless of the detected errors.

–If the code is not properly structured, ANM displays an error message stating that the template cannot be saved because the XML structure is not valid. For example, if you enter a tag and do not close it, this error occurs. You must correct the code error before ANM allows you to save the template.

–The Save button is not available when editing a system template, which requires that you use the Save As button.

•Save As—Saves the file to a different filename. This option opens the Save As New Template Definition popup window to save your changes under a new application type name or version. From the popup window, modify the file attributes if needed and click Save.

Note the following when using this button:

–ANM populates the popup window text fields with the attributes of the original file opened with the exception of the Version field, which ANM increments by one. If the version is not a number, ANM adds the "-next" suffix to the version.

–ANM does not allow you to save a template using the same application type and version number as the original template file. You must change either the application type or version number (or both).